View Issue Details

IDProjectCategoryView StatusLast Update
0019168phplist applicationAll Otherpublic19-04-18 08:08
Reportersuela 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version3.3.2-RC3 
Target Version3.3.3Fixed in Version3.3.3 
Summary0019168: Can not update preferences due to "Email address you entered do not match" error
DescriptionWhen clicking "update preferences" link on the emails I enter the correct email address but when pressing "Update" I get the following error:

"Email address you entered do not match"

See screenshot

PS: That message also needs to be changed to "Email address you entered doesn't match"
TagsNo tags attached.

Relationships

duplicate of 0018767 assignedmichiel Clarify preferences page fields: Do not require replacement of obfuscated email address 

Activities

suela

09-04-18 08:27

administrator  

EmailDoesn'tMatch.jpg (74,302 bytes)
EmailDoesn'tMatch.jpg (74,302 bytes)

michiel

09-04-18 21:37

manager   ~0060346


Yes, you will need to enter your email address in both fields for it to work.

suela

11-04-18 08:58

administrator   ~0060370

@michiel you are right, but it would be good if the "Email" field was an input placeholder instead as it is somehow confusing (to me at least).

michiel

11-04-18 09:19

manager   ~0060371

This is to avoid leaking data, so it's for security. Basically, by obscuring the email, it acts as a password, which only the owner should know. Not entirely fail safe, but better. If we were to display the full email address, hackers would be able to try to "harvest" all the addresses from the database.

FYI @samtuke

samtuke

11-04-18 10:00

administrator   ~0060373

I think that @suela is asking that the "email address" field default text uses the placeholder attribute instead of value= so that it is more obvious to the user that it needs to be replaced by them.

michiel

11-04-18 10:36

manager   ~0060380

Sorry, I don't understand what you mean with the placeholder attribute.

When you get to this page, it generally is from a link in an email. As a result, the obfuscation of the email address works as a verification that you are who you say you are. That is an important check. This page reveals private information and needs to be protected.

duncanc

11-04-18 10:45

developer   ~0060381

This has been raised before by Sam https://mantis.phplist.org/view.php?id=18767 with some possible solutions.

samtuke

11-04-18 18:32

administrator   ~0060385

@duncanc Thanks; I'd forgotten about that

@michiel In HTML5 there is an attribute for input elements called placeholder which browsers use to include default input field text which is visible but may not be submitted and disappears on focus (https://www.w3schools.com/tags/att_input_placeholder.asp). We could also use the 'required' attribute to prevent submission without the placeholder text being replaced.

samtuke

11-04-18 18:50

administrator   ~0060386

PR to adopt the placeholder attribute method: https://github.com/phpList/phplist3/pull/292

michiel

11-04-18 20:35

manager   ~0060388


as it stands, that won't make it into 3.3.2 as it's now in master and not in release-3.3.2
if you want that, let me know and I can cherry-pick